Uncontrolled Search Path Element in TkEasyGUI by Kujirahand
CVE-2025-55671

8.5HIGH

Key Information:

Vendor

Kujirahand

Status
Tkeasygui
Vendor
CVE Published:
5 September 2025

What is CVE-2025-55671?

A vulnerability exists in TkEasyGUI prior to version 1.0.22, where an uncontrolled search path element can be exploited to execute arbitrary code. This risk permits attackers to run malicious code with the same privileges as the running program, which can lead to unauthorized access and potential system compromise. It is crucial for users of the affected versions to update to mitigate these risks.

Affected Version(s)

TkEasyGUI versions prior to v1.0.22

References

https://github.com/kujirahand/tkeasygui-python/releases/t...
https://jvn.jp/en/jp/JVN48739895/

CVSS V4

Score:
8.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

CVSS V3.0

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-55671 : Uncontrolled Search Path Element in TkEasyGUI by Kujirahand